The Most Common Form of Cyber Attack is Also One of The Easiest to Defeat

June 1, 2021

If you paid any attention to the national news in recent weeks, you would have seen the coverage of the Colonial Pipeline attack. As a quick refresher, it was a devastating ransomware attack that brought operations of a major gas pipeline to a halt. Ransomware is usually installed through a method many have heard of: phishing. Phishing is a very common cyber-attack, but there are three different types of phishing attacks.

There is spear phishing, where attackers target a specific point or “spearpoint” with a targeted email or other form of communication. The target can be anyone from a sales employee all the way to mid-tier management. There is “whaling,” in which attackers target the CEO, the CFO, and sometimes even the CISO; the goal here is to scare the victim with the threat of some form of legal action. Recently, a new type of phishing has begun to sweep across cyberspace: “smishing.” Smishing is a phishing attack that uses text messages, or short message service (SMS). The most common form is a text message saying “your package has been shipped” or another message that you would receive daily. However, there is a link that if you tap on or open…boom…the attacker is in.

It is not all doom and gloom; phishing attacks are luckily pretty easy to prepare for. The good news is that most of the protection can be covered by adequate employee training and reminders around the workspace. These tips are simple, but they can be forgotten when times get busy. The first tip is if an email looks questionable, just delete it. The phrase “When in doubt, delete” is frequently tossed around: if you aren’t sure about an email, simply delete it. The next tip is to look at the sender’s email address. Oftentimes attackers spoof an email address to look like a real one, but they will often mix numbers and symbols into it, making simple changes such as “o” to “0” or “E” to “3.”
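The sender-address check described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: it folds common digit-for-letter swaps in the sender's domain and compares the result against a list of domains the organisation trusts. The domain list, the function names and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of domains the organisation really corresponds with (assumption).
TRUSTED_DOMAINS = {"example.com", "example-shipping.com"}

# Digit-for-letter swaps such as "0" for "o" and "3" for "e".
# "1" can imitate either "l" or "i", so both letters fold to "l" as well.
SUBSTITUTIONS = str.maketrans("013457i", "oleastl")


def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or "" if there is none."""
    _, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return domain.lower() if at and local else ""


def skeleton(domain):
    """Fold look-alike characters so visually similar domains compare equal."""
    return domain.translate(SUBSTITUTIONS)


def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Classify a sender as trusted, a lookalike of a trusted domain, or unknown."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain in trusted:
        return "trusted"
    # Compare skeleton to skeleton, so trusted domains that legitimately
    # contain digits are handled consistently.
    by_skeleton = {skeleton(t): t for t in trusted}
    match = by_skeleton.get(skeleton(domain))
    return f"lookalike of {match}" if match else "unknown"


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("Accounts <billing@example.com>",
                   "Accounts <billing@ex4mple.com>",
                   "Delivery <tracking@3xample-shipping.com>",
                   "news@unrelated.org"):
        print(f"{header!r}: {classify_sender(header)}")
```

This only catches the digit swaps listed in the table; a From header forged to carry the exact trusted domain still reads as "trusted", which is what SPF, DKIM and DMARC checks are for.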

In the constantly evolving world of cybersecurity, it is important to control the things you can control. By educating your employees on phishing attacks, you can successfully defend against a lot of phishing attempts.